See <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/103/display/redirect> ------------------------------------------ [...truncated 5459 lines...] topology_st = <lib389.topologies.TopologyMain object at 0x7f7b8c07c850> accpol_local = None def test_locact_inact(topology_st, accpol_local): """Verify if user account is inactivated when accountInactivityLimit is exceeded. :ID: 02140e36-79eb-4d88-ba28-66478689289b :feature: Account Policy Plugin :setup: Standalone instance, ou=people subtree configured for Local account policy plugin configuration, set accountInactivityLimit to few secs. :steps: 1. Add few users to ou=people subtree in the default suffix 2. Wait for few secs before it reaches accountInactivityLimit and check users. 3. Run ldapsearch as normal user, expected 0 4. Wait till accountInactivityLimit is exceeded 5. Run ldapsearch as normal user and check if its inactivated, expected error 19. 6. Replace user'\''s lastLoginTime attribute and check if its activated, expected 0 :assert: Should return error code 19 """ suffix = DEFAULT_SUFFIX subtree = "ou=people" userid = "inactusr" nousrs = 3 log.info('\''AccountInactivityLimit set to 10. Account will be inactivated if not accessed in 10 secs'\'') add_users(topology_st, suffix, subtree, userid, nousrs, 0) log.info('\''Sleep for 9 secs to check if account is not inactivated, expected value 0'\'') time.sleep(9) log.info('\''Account should not be inactivated since AccountInactivityLimit not exceeded'\'') account_status(topology_st, suffix, subtree, userid, 3, 2, "Enabled") log.info('\''Sleep for 2 more secs to check if account is inactivated'\'') time.sleep(2) account_status(topology_st, suffix, subtree, userid, 2, 0, "Disabled") log.info('\''Sleep +9 secs to check if account {}3 is inactivated'\''.format(userid)) time.sleep(9) account_status(topology_st, suffix, subtree, userid, 3, 2, "Disabled") log.info('\''Add lastLoginTime attribute to all users and check if its activated'\'') add_time_attr(topology_st, suffix, subtree, userid, nousrs, '\''lastLoginTime'\'') > account_status(topology_st, suffix, subtree, userid, nousrs, 0, "Enabled") <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/plugins/accpol_test.py>:883: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ topology_st = <lib389.topologies.TopologyMain object at 0x7f7b8c07c850> suffix = '\''dc=example,dc=com'\'', subtree = '\''ou=people'\'', userid = '\''inactusr'\'' nousrs = 3, ulimit = 0, tochck = '\''Enabled'\'' def account_status(topology_st, suffix, subtree, userid, nousrs, ulimit, tochck): """Check account status for the given suffix, subtree, userid and nousrs""" while (nousrs > ulimit): usrrdn = '\''{}{}'\''.format(userid, nousrs) userdn = '\''uid={},{},{}'\''.format(usrrdn, subtree, suffix) if (tochck == "Enabled"): try: topology_st.standalone.simple_bind_s(userdn, USER_PASW) except ldap.LDAPError as e: log.error('\''User {} failed to login, expected 0'\''.format(userdn)) > raise e E CONSTRAINT_VIOLATION: {'\''info'\'': '\''Account inactivity limit exceeded. Contact system administrator to reset.'\'', '\''desc'\'': '\''Constraint violation'\''} <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/plugins/accpol_test.py>:306: CONSTRAINT_VIOLATION ---------------------------- Captured stderr setup ----------------------------- INFO:lib389.utils:Adding Local account policy plugin configuration entries ----------------------------- Captured stderr call ----------------------------- INFO:lib389.utils:AccountInactivityLimit set to 10. Account will be inactivated if not accessed in 10 secs INFO:lib389.utils:add_users: Pass all of these as parameters suffix, subtree, userid and nousrs INFO:lib389.utils:Sleep for 9 secs to check if account is not inactivated, expected value 0 INFO:lib389.utils:Account should not be inactivated since AccountInactivityLimit not exceeded INFO:lib389.utils:Sleep for 2 more secs to check if account is inactivated INFO:lib389.utils:Sleep +9 secs to check if account inactusr3 is inactivated INFO:lib389.utils:Add lastLoginTime attribute to all users and check if its activated INFO:lib389.utils:Enable account by replacing lastLoginTime/createTimeStamp/ModifyTimeStamp attribute ERROR:lib389.utils:User uid=inactusr3,ou=people,dc=example,dc=com failed to login, expected 0 _____________________________ test_locinact_modrdn _____________________________ topology_st = <lib389.topologies.TopologyMain object at 0x7f7b8c07c850> accpol_local = None def test_locinact_modrdn(topology_st, accpol_local): """Verify if user account is inactivated when moved from ou=groups to ou=people subtree. :ID: 5f25bea3-fab0-4db4-b43d-2d47cc6e5ad1 :feature: Account Policy Plugin :setup: Standalone instance, ou=people subtree configured for Local account policy plugin configuration, set accountInactivityLimit to few secs. :steps: 1. Add few users to ou=groups subtree in the default suffix 2. Plugin configured to ou=people subtree only. 3. Wait for few secs before it reaches accountInactivityLimit and check users. 4. Run ldapsearch as normal user, expected 0 5. Wait till accountInactivityLimit exceeded 6. Move users from ou=groups subtree to ou=people subtree 7. Check if users are inactivated, expected error 19 :assert: Should return error code 0 and 19 """ suffix = DEFAULT_SUFFIX subtree = "ou=groups" userid = "nolockusr" nousrs = 1 log.info('\''Account should not be inactivated since the subtree is not configured'\'') > add_users(topology_st, suffix, subtree, userid, nousrs, 0) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/plugins/accpol_test.py>:909: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/plugins/accpol_test.py>:278: in add_users users.create(properties=user_properties) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/_mapped_object.py>:840: in create return co.create(rdn, properties, self._basedn) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/_mapped_object.py>:642: in create self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:158: in inner return f(ent.dn, ent.toTupleList(), *args[2:]) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:195: in add_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:514: in result3 resp_ctrl_classes=resp_ctrl_classes <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:521: in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <lib389.DirSrv object at 0x7f7b8c07c150> func = <built-in method result4 of LDAP object at 0x7f7b933bccb0> args = (14, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None e = INSUFFICIENT_ACCESS({'\''info'\'': "Insufficient '\''add'\'' privilege to the '\''userPassword'\'' attribute", '\''desc'\'': '\''Insufficient access'\''},) def _ldap_call(self,func,*args,**kwargs): """ Wrapper method mainly for serializing calls into OpenLDAP libs and trace logs """ self._ldap_object_lock.acquire() if __debug__: if self._trace_level>=1: self._trace_file.write('\''*** %s %s - %s\n%s\n'\'' % ( repr(self), self._uri, '\''.'\''.join((self.__class__.__name__,func.__name__)), pprint.pformat((args,kwargs)) )) if self._trace_level>=9: traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) diagnostic_message_success = None try: try: > result = func(*args,**kwargs) E INSUFFICIENT_ACCESS: {'\''info'\'': "Insufficient '\''add'\'' privilege to the '\''userPassword'\'' attribute", '\''desc'\'': '\''Insufficient access'\''} /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:106: INSUFFICIENT_ACCESS ----------------------------- Captured stderr call ----------------------------- INFO:lib389.utils:Account should not be inactivated since the subtree is not configured INFO:lib389.utils:add_users: Pass all of these as parameters suffix, subtree, userid and nousrs ______________________________ test_locact_modrdn ______________________________ topology_st = <lib389.topologies.TopologyMain object at 0x7f7b8c07c850> accpol_local = None def test_locact_modrdn(topology_st, accpol_local): """Verify if user account is inactivated when users moved from ou=people to ou=groups subtree. :ID: e821cbae-bfc3-40d3-947d-b228c809987f :feature: Account Policy Plugin :setup: Standalone instance, ou=people subtree configured for Local account policy plugin configuration, set accountInactivityLimit to few secs. :steps: 1. Add few users to ou=people subtree in the default suffix 2. Wait for few secs and check if users not inactivated, expected 0. 3. Move users from ou=people to ou=groups subtree 4. Wait till accountInactivityLimit is exceeded 5. Check if users are active in ou=groups subtree, expected 0 :assert: Should return error code 0 """ suffix = DEFAULT_SUFFIX subtree = "ou=people" userid = "lockusr" nousrs = 1 log.info('\''Account should be inactivated since the subtree is configured'\'') > add_users(topology_st, suffix, subtree, userid, nousrs, 0) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/plugins/accpol_test.py>:950: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/389-ds-base/dirsrvtests/tests/suites/plugins/accpol_test.py>:278: in add_users users.create(properties=user_properties) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/_mapped_object.py>:840: in create return co.create(rdn, properties, self._basedn) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/_mapped_object.py>:642: in create self._instance.add_ext_s(e, serverctrls=self._server_controls, clientctrls=self._client_controls) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:158: in inner return f(ent.dn, ent.toTupleList(), *args[2:]) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:195: in add_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:514: in result3 resp_ctrl_classes=resp_ctrl_classes <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:521: in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) <http://vm-166.abc.idm.lab.eng.brq.redhat.com:8080/job/NIGHTLY/ws/source/lib389/lib389/__init__.py>:162: in inner return f(*args, **kwargs) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ self = <lib389.DirSrv object at 0x7f7b8c07c150> func = <built-in method result4 of LDAP object at 0x7f7b933bccb0> args = (15, 1, -1, 0, 0, 0), kwargs = {}, diagnostic_message_success = None e = INSUFFICIENT_ACCESS({'\''info'\'': "Insufficient '\''add'\'' privilege to the '\''userPassword'\'' attribute", '\''desc'\'': '\''Insufficient access'\''},) def _ldap_call(self,func,*args,**kwargs): """ Wrapper method mainly for serializing calls into OpenLDAP libs and trace logs """ self._ldap_object_lock.acquire() if __debug__: if self._trace_level>=1: self._trace_file.write('\''*** %s %s - %s\n%s\n'\'' % ( repr(self), self._uri, '\''.'\''.join((self.__class__.__name__,func.__name__)), pprint.pformat((args,kwargs)) )) if self._trace_level>=9: traceback.print_stack(limit=self._trace_stack_limit,file=self._trace_file) diagnostic_message_success = None try: try: > result = func(*args,**kwargs) E INSUFFICIENT_ACCESS: {'\''info'\'': "Insufficient '\''add'\'' privilege to the '\''userPassword'\'' attribute", '\''desc'\'': '\''Insufficient access'\''} /usr/lib64/python2.7/site-packages/ldap/ldapobject.py:106: INSUFFICIENT_ACCESS ----------------------------- Captured stderr call ----------------------------- INFO:lib389.utils:Account should be inactivated since the subtree is configured INFO:lib389.utils:add_users: Pass all of these as parameters suffix, subtree, userid and nousrs ============= 11 failed, 611 passed, 1 skipped in 8924.93 seconds ==============' + '[' 1 -ne 0 ']' + echo CI Tests 'FAILED!' CI Tests FAILED! + MSG=FAILED + RC=1 + sudo /usr/sbin/sendmail mreynolds@xxxxxxxxxx firstyear@xxxxxxxxxx + sudo rm -rf /var/tmp/slapd.vg.118806 /var/tmp/slapd.vg.14926 /var/tmp/slapd.vg.15028 /var/tmp/slapd.vg.32108 + exit 1 Build step 'Execute shell' marked build as failure _______________________________________________ 389-devel mailing list -- 389-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx